Peter Maynard
Consistent and Compatible Modelling of Cyber Intrusions and Incident Response Demonstrated in the Context of Malware Attacks on Critical Infrastructure Open
Cyber Security Incident Response (IR) Playbooks are used to capture the steps required to recover from a cyber intrusion. Individual IR playbooks should focus on a specific type of incident and be aligned with the architecture of a system …
Operations-informed incident response playbooks Open
Cyber security incident response playbooks are critical for establishing an effective incident response capability within organizations. We identify a significant conceptual gap in the current research and practice of cyber security playbo…
Big Fish, Little Fish, Critical Infrastructure: An Analysis of Phineas Fisher and the ‘Hacktivist’ Threat to Critical Infrastructure Open
The hacktivist threat actor is listed in many risk decision documents. Yet their tactics and techniques often remain a mystery. We create a MITRE ATT&CK (ATT&CK) model of a well known hacktivist who goes under the pseudonym of Phineas Fish…
Towards Understanding Man-on-the-Side Attacks (MotS) in SCADA Networks Open
We describe a new class of packet injection attacks called Man-on-the-Side Attacks (MotS), previously only seen where state actors have "compromised" a number of telecommunication companies. MotS injection attacks have not been widely inve…
Decomposition and sequential-AND analysis of known cyber-attacks on critical infrastructure control systems Open
We perform a detailed survey and analysis of the most significant attacks, which have targeted industrial control systems over the past decade, based on detailed incident reports from scientific and non-traditional resources. This work is …
ICS Interaction Testbed: A Platform for Cyber-Physical Security Research Open
To perform cyber security research on cyber-physical systems, the involvement of real physical systems and components is an obvious benefit. However, in the area of industrial control systems, limited accessibility to operational systems f…
An Open Framework for Deploying Experimental SCADA Testbed Networks Open
A scalable framework for automatically deploying locally (or remotely) a number of virtual machines that replicate a Supervisory Control And Data Acquisition (SCADA) network is proposed. This includes multiple virtual hosts emulating senso…
Using Application Layer Metrics to Detect Advanced SCADA Attacks Open
Current state of the art intrusion detection and network monitoring systems have a tendency to focus on the ‘Five-Tuple’ features (Protocol, IP src/dst and Port src/dest). As a result there is a gap in visibility of security at an applicat…
Censorship and Surveillance in the Digital Age: The Technological Challenges for Academics Open
The “Snowden leaks” and censorship methods used during the Arab Spring have brought warranted attention to technologically supported censorship and surveillance (Bauman et al. 2014; Deibert and Crete-Nishihata 2012, 344). The public is now…
Threat Analysis of BlackEnergy Malware for Synchrophasor based Real-time Control and Monitoring in Smart Grid Open
The BlackEnergy malware targeting critical infrastructures has a long history. It evolved over time from a simple DDoS platform to a quite sophisticated plug-in based malware. The plug-in architecture has a persistent malware core with eas…
Modelling Duqu 2.0 Malware using Attack Trees with Sequential Conjunction Open
In this paper we identify requirements for choosing a threat modelling formalisation for modelling sophisticated malware such as Duqu 2.0. We discuss the gaps in current formalisations and propose the use of Attack Trees with Sequential Co…